Title

METHOD AND APPARATUS IN A TELECOMMUNICATIONS SYSTEM
Technical field of the invention 

The present invention relates generally to a method
for use in communications systems, and more particularly, the invention
relates to a method of access independent global roaming. The invention
further relates to a system and apparatus for carrying out the method.

Background of the invention 

A large number of fixed and mobile access standards
are now available, such as Wideband-Code Division Multiple Access (W-CDMA),
Universal Mobile Telephone System-Time Division Duplex (UMTS-TDD),
CDMA 2000, Wireless-Local Area Network (W-LAN), EDGE etc, all of which
belong to the 3rd generation wireless standards. Each type of access
standard has its own particular network concept, where Mobile Internet
Protocol (Mobile IP) and the General Packet Radio Service (GPRS) tunnelling
protocol are the main two concepts. The invention, however, is not limited
to the above mentioned concepts.


Using methods presently available, interoperability
between different network concepts is not guaranteed. This is mainly due
to three obstacles. First, there is a lack of common subscriber profiles,
service standards and authentication mechanisms, preventing enforcement
of policies relating, but not limited to, access and service authorization,
and accounting and mobility in different networks. Second, there is a lack
of a common Quality of Service (QoS) versus resource allocation paradigm
in the access networks, due to a bottom up instead of a top down approach
in designing the data link layers with respect to QoS requirements.
Third, there is a lack of common higher layer standards in the terminals,
preventing service transparency when user terminals, i.e. clients, roam
between different networks that carry specific services.

Thus, there is a problem with interoperability between
heterogeneous networks mainly because of problems with authentication and
service transparency in and between different networks. It is, of course,
theoretically possible to harmonise disparate networks at all of the above
levels and thus create interoperability. There is, however, a need for
an organic way of integrating heterogeneous networks and thus providing
access independent global roaming.

Summary of the invention 

The present invention therefore provides a solution
to the problems of integrating heterogeneous networks, providing for access
independent global roaming and access to services via heterogeneous
networks, without a need for harmonising disparate networks.

An object of the invention is to provide access 
independent global roaming in heterogeneous networks. 

Another object of the invention is to provide policy
enforcement and service transparency when terminals roam between different
heterogeneous networks.

The invention achieves the above mentioned objects in 
embodiments thereof by: 

moving at least essential or all service related
functions out of the network into the periphery, i.e. clients or user
terminals and servers, by separating service and access functions,

conceiving the transport mechanism between clients or
terminals and servers as a packet pipe, not necessarily adding extra value
except transport and Quality of Service (QoS) classification thereof,

separating the charging of transport from the charging 
of services and introducing real-time payment of transport, 

defining policies, basically a set of rights and
obligations, in a policy definition point, e.g. operator servers, enforcing
policies in a policy enforcement point residing in the client, e.g. the
user terminal, and

standardising and modularising a client or terminal 
architecture that supports the above entities. 

More specifically, the policies defined in the policy
definition point are enforced locally in the user terminal in a local
policy enforcement point instead of, as usual, in the network. By policies
in this context is meant, among others, a set of rights and obligations
pertaining to authentication of users, authorization to access and services
as well as purchasing and brokering of transport resources and security.
Accounting policies may govern the charging functions for access charging
and service charging. By the separation of service and access functions,
transport can be paid for separately, e.g. in real-time via a credit card,
pre-paid card, cash card or the like, and services can be paid for as usual,
e.g. as per invoice from a service provider, for example.

The client or terminal thus acts more as a personal
profile manager, enforcing policies, hence managing rights to services
and access. Services and access are controlled in the terminal by the local
policy enforcement point and the terminal/profile manager is access
independent, since access can be purchased in real-time. Thus, the
subscriber can access any network at any time, provided that the right modem
or layer 1 and layer 2 access module is available. Reference is made to
the Open Systems Interconnect (OSI) model.

By adopting the proposed solution, as described in
the embodiments of the invention, global roaming is possible between
heterogeneous networks such as CDMA 2000, W-LAN, EDGE and UMTS. The
ability, with the present invention, to purchase access also opens the
possibility for the terminal to act as an e-commerce platform; i.e. the
terminal can be used to purchase anything, not just access.

The term transport used in this specification may
identify an access network such as CDMA 2000, W-CDMA etc. or e.g. both
an access network and a core IP-network. The term access is used
synonymously with the term transport.

Although the invention has been summarised above, the 
method and arrangement according to the appended independent claims define 
the scope of the invention. Various embodiments are further defined in 
the dependent claims. 

Brief description of the drawings

The objects and advantages of the invention will be 
understood by reading the following detailed description in conjunction 
with the drawings, in which: 

Figure 1 shows a schematic picture of the architecture 
for global roaming in accordance with the present invention; 
Figure 2 shows an embodiment of an anonymous payment
method in accordance with the present invention; 

Figure 3 shows a detailed view of an embodiment of a
local policy enforcement point in accordance with the present invention;

Figure 4 shows a detailed view of an embodiment of a 
secure mobile portal in accordance with the present invention; 

Figure 5 is an exemplary signalling diagram illustrating 
the signalling involved in a session set up in accordance with the present 
invention; 

Figure 6 is a detailed view of an exemplary embodiment
of the terminal in accordance with the present invention; 

Figure 7 shows schematically a Policy Domain (PD) in 
accordance with the present invention; and 

Figure 8 shows a mixed access scenario in accordance 
with the present invention. 

Detailed description 

The various features of the invention will now be
described with reference to the figures, in which like parts are identified
with the same reference character. In the following description, for
purpose of explanation and not limitation, specific details are set forth,
such as particular circuits, components, techniques, etc. in order to
provide a thorough understanding of the present invention. However, it
will be apparent to one skilled in the art that the present invention may
be practised in other embodiments that depart from these specific details.
In other instances, detailed descriptions of well-known methods, devices
and circuits are omitted so as not to obscure the description of the
present invention.

The present invention describes a method of and a system 
for providing access independent global roaming between heterogeneous 
networks and solves the problem with policy enforcement and service 
transparency in and between different networks. The solution contains a 
number of salient features. 

1) A client-server relationship.

2) A transparent "packet pipe", interconnecting servers
and clients on a Quality of Service basis, transporting packets.

3) A Policy Definition Point (PDP) associated with or
residing within a server or server cluster, defining policies pertaining
to services, authentication, authorization, accounting, and

4) A Policy Enforcement Point (PEP), associated with or
residing in the client, enforcing policies defined in the policy definition
point, at the terminal (client).

5) Separate charging mechanisms for access and services,
i.e. client-server based transactions.

6) A transformation of the access node into a point of
sale for access, offering transparent IP transport.

7) Removable and interchangeable layer 1 and layer 2 access
modules (modems) for the clients (terminals) for accessing different fixed
and mobile standards.

The solution according to the invention will now be
further described in more detail with references to figures 1-7.

Figure 1 shows a schematic picture of an architecture
for global roaming according to the invention. The architecture can be
divided into a service domain (not shaded) and a transport domain 140
(shaded).

The service domain, which covers the higher layers,
e.g. of the OSI model, contains a server cluster called Secure Mobile Portal
(SMP) 100 and a client, governed by a Local Policy Enforcement Point (LPEP)
110 residing in the client or terminal 120. A secure encrypted packet
transportation tunnel 130 connects the SMP 100 and the LPEP 110 in a
Client-Server relationship. This tunnel is enabled by the establishment
of shared secrets between the SMP 100 and the LPEP 110, contained in a
policy, which is used to generate encryption keys for the packets, e.g.
IP (Internet Protocol) packets. Since each IP packet is encrypted with
a unique key, i.e. a shared secret between the service provider and the
service buyer, each packet received by the SMP 100 will be seen as a de
facto authentication of the service buyer or subscriber by the service
provider.
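The following is an added illustration, not code from the patent, of the per-packet keying just described: a packet key is derived from the policy's shared secret and the packet sequence number, the SMP side verifies every packet under that key, and a packet that does not verify (wrong secret, modified bytes, or a replay) is rejected, which is what makes each accepted packet a de facto authentication of the subscriber. The wire format, the HMAC-SHA256 counter-mode keystream, the class and function names and the sample secrets are assumptions of this example; it uses only the Python standard library.

```python
import hashlib
import hmac
import os
import struct

HEADER_LEN = 8 + 16   # sequence number (8 bytes) + nonce (16 bytes); assumed wire format
TAG_LEN = 32          # HMAC-SHA256 tag


def derive_packet_key(shared_secret: bytes, seq: int) -> bytes:
    """A unique key per packet: PRF(shared secret from the policy, packet sequence number)."""
    return hmac.new(shared_secret, b"packet-key" + struct.pack(">Q", seq), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as keystream (stdlib-only illustrative construction)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_packet(shared_secret: bytes, seq: int, payload: bytes) -> bytes:
    """Client (LPEP) side: encrypt-then-MAC under the packet's own key.
    Layout: seq(8) | nonce(16) | ciphertext | tag(32)."""
    key = derive_packet_key(shared_secret, seq)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(key, nonce, len(payload))))
    header = struct.pack(">Q", seq) + nonce
    tag = hmac.new(key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


class PortalReceiver:
    """Server (SMP) side: knows each subscriber's shared secret from the policy and
    treats every packet that verifies as an authentication of that subscriber."""

    def __init__(self, secret_by_subscriber: dict):
        self.secret_by_subscriber = dict(secret_by_subscriber)
        # Highest sequence number accepted so far, per subscriber (simple anti-replay rule)
        self.highest_seq = {s: -1 for s in secret_by_subscriber}

    def open_packet(self, subscriber: str, packet: bytes):
        """Returns (True, payload) on success or (False, reason) on rejection."""
        secret = self.secret_by_subscriber.get(subscriber)
        if secret is None or len(packet) < HEADER_LEN + TAG_LEN:
            return False, "unknown subscriber or malformed packet"
        header, ct, tag = packet[:HEADER_LEN], packet[HEADER_LEN:-TAG_LEN], packet[-TAG_LEN:]
        seq = struct.unpack(">Q", header[:8])[0]
        key = derive_packet_key(secret, seq)
        expected = hmac.new(key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "authentication failed"   # wrong shared secret or modified packet
        if seq <= self.highest_seq[subscriber]:
            return False, "replayed packet"
        self.highest_seq[subscriber] = seq
        payload = bytes(c ^ k for c, k in zip(ct, _keystream(key, header[8:], len(ct))))
        return True, payload


if __name__ == "__main__":
    # Constructed sample: subscriber A's policy carries this shared secret with the SMP.
    secret = b"policy-shared-secret-A"
    smp = PortalReceiver({"subscriber-A": secret})
    pkt = seal_packet(secret, 1, b"GET /service")
    print(smp.open_packet("subscriber-A", pkt))                                  # (True, b'GET /service')
    print(smp.open_packet("subscriber-A", pkt))                                  # replay rejected
    print(smp.open_packet("subscriber-A", seal_packet(b"other-secret", 2, b"x")))  # wrong secret rejected
```

Verification is done before the replay check so that a forged packet can never advance the sequence window, and the MAC covers the sequence number and nonce so that neither can be altered in transit.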

The SMP 100 acts as a Policy Definition Point (PDP)
for the LPEP 110, defining policies with respect to services, authentication
of subscribers, authorization to access and services, accounting, mobility
and security for the subscriber. The LPEP 110 residing in the client 120
enforces the policies defined in the SMP 100. A feature of the architecture
is that charging for transport and services can be separated. Transport
can be paid for in real-time using, for example, a pre-paid card, credit
card, a cash card or the like. Transactions in the service domain can be
paid for as usual, e.g. as per invoice, for example.

The transport domain, consisting of an IP based core
network 140 and IP based access networks such as designated by the acronyms
CDMA 2000-, EDGE-, W-LAN-, W-CDMA- or fixed or cable networks, transports
packets from the SMP 100 to the LPEP 110. The layer 1 and layer 2 part
150 of the client or terminal 120 also belongs to the transport domain
and is preferably implemented as interchangeable modules (modems) for
different access standards such as W-CDMA, EDGE, CDMA 2000, W-LAN etc.
The transport domain does not necessarily add value to the packets, except
that it classifies the packets according to Quality of Service and
transports the packets to the end destination, guaranteeing access to
physical resources [...]

The wireless networks in the transport domain
must have the appropriate interfaces and support [...] on Quality of
Service [...] packet pipe. The packet pipe 130
provides layer 1 [...] to convey [...] data traffic across
radio air interfaces [...]. As part of the transport domain, the
[...] in the
embodiment of the invention wherein transport charging is independent of
service charging, i.e. where access is independent from
any other charging, and is a separate entity. The transport domain
thus involves means for charging a subscriber for transport used, e.g.
via a pre-paid card, credit card, cash card or other means. It is not
necessary that a subscriber is authenticated or authorised by a service
provider before transport charging takes place. It is only necessary to
validate the pre-paid card, credit card, cash card or the like, i.e. it
is possible to implement anonymous payment methods for transport. Access
providers can accept different types of payment methods for payment of
transport; e.g. some access providers may accept all major credit cards
and their own special cash card for paying for access to their networks.
This can be compared to when stores have a sticker on the entrance
informing what credit cards they accept, for example.

In figure 2 an exemplifying embodiment of an
anonymous payment method is shown. The terminal 120 transmits a random access
channel (in GSM typically the RACCH) including payment information 200
to an access node 210. The payment information identifies the Credential
Verifier (CV) 220, e.g. the issuer of a credit card or an access
subscription, the identity of the subscriber in an encrypted form and the
credit verification in an encrypted form, e.g. a credit card number. This
information is received in the access node 210, which reads out the address
to the CV 220, adds a transaction number to the user identity and credit
verification and transmits that information 230 to the identified CV 220,
e.g. a MasterCard™ server. The CV 220 decrypts the packets sent from the
access node 210 with unique keys for that particular subscriber and
checks whether the user identity and the credit verification number are
correct. In this way the subscriber can be uniquely identified and thus
authenticated. If the relationship between the user identity and the credit
verification is correct, the CV 220 transmits a message with the same
transaction number and a positive acknowledgement 240 back to the access
node 210. The access node then returns a message 250 to a modem/router
interface contained in the terminal 120, containing an IP-address and a
positive acknowledgement granting access. The IP-address is stored in
the modem/router interface in the LPEP 110 and is associated with a
service requested by the subscriber in the service layers 260.

The structure and operation of an exemplary embodiment
of the LPEP 110 resident in the client or terminal 120 will now be
described in more detail with reference to figure 3 of the drawings.
As discussed above, the LPEP 110 enforces policies with respect to
authentication of subscribers, authorization to access and services,
accounting, mobility and security for the subscriber(s) that the LPEP 110
serves. These policies are defined in the SMP 100 that acts as a PDP for
the LPEP 110. Each LPEP 110 has a set of policies associated with it and
the relationship between the PDP and the LPEP 110, i.e. between the SMP 100
and the subscriber, is uniquely defined by these policies in the LPEP
authorization database 300.

Each relation that the subscriber has with SMP's 100
or CV's 220 is defined with a number of parameters 310. In the embodiment
shown at least four parameters have been defined. These are obligations,
rights, and a shared secret, i.e. a unique identity and an encryption key,
and an IP-address to the SMP 100 or the CV 220. These relations are
negotiated either in real time using public key infrastructure or by
signing up for a service and receiving the obligations, rights, shared
secret and IP-address 310 to the SMP 100 or CV 220 by mail, for example.

The LPEP 110 is also responsible for authenticating
the subscriber via e.g. a PIN-code or a fingerprint reader. If the
subscriber is authorised he gains access to the LPEP 110. It is possible
that the LPEP 110 serves more than one subscriber; then the authentication
database 320 stores several subscribers A, B, ... 330 and their
corresponding identification keys key 1, key 2, ... 340. The LPEP key 350
on the other hand is used for identifying the LPEP 110 to the SMP 100 and
for encrypting the traffic between the LPEP 110 and the SMP 100 or CV 220.

During a communication session the LPEP 110 maintains
an accounting log 360 containing accounting information 370 pertaining
to the session, such as start time, stop time and service utilised. This
accounting log 360 can be used by the SMP 100 for billing and auditing
purposes. At completion of the session the LPEP 110 can forward the
accounting log 360 to the SMP 100 and the SMP 100 replies in agreement
or disagreement, i.e. compares the accounting log in the SMP 100 with the
one generated in the LPEP 110. Alternatively the accounting log 360 is
transmitted from the LPEP 110 to the SMP 100 at regular intervals, such
as at the end of the day.
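The following is an added illustration, not code from the patent, of the comparison the SMP performs when it receives the LPEP's accounting log 360 (the same comparison appears as the accounting confirmation at the end of the session set-up in figure 5). The record layout, the clock tolerance, the reasons reported for a disagreement and the two sample logs are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccountingRecord:
    """One entry of accounting information 370: the session, the service, start and stop."""
    session_id: str
    service: str
    start: int   # seconds since epoch (constructed values below)
    stop: int


def reconcile(lpep_log, smp_log, tolerance_s: int = 5):
    """Compare the LPEP's log with the SMP's own log.

    Returns (agree, discrepancies); discrepancies is a list of (session_id, reason).
    Start/stop times may differ by a small clock skew (tolerance_s, an assumption)."""
    client = {r.session_id: r for r in lpep_log}
    server = {r.session_id: r for r in smp_log}
    discrepancies = []
    for sid in sorted(set(client) | set(server)):
        c, s = client.get(sid), server.get(sid)
        if c is None:
            discrepancies.append((sid, "missing in LPEP log"))
        elif s is None:
            discrepancies.append((sid, "missing in SMP log"))
        elif c.service != s.service:
            discrepancies.append((sid, "service differs"))
        elif abs(c.start - s.start) > tolerance_s or abs(c.stop - s.stop) > tolerance_s:
            discrepancies.append((sid, "start/stop differ beyond tolerance"))
    return not discrepancies, discrepancies


def billable_seconds(log):
    """Seconds per service, as the SMP would bill them from an agreed log."""
    totals = {}
    for r in log:
        totals[r.service] = totals.get(r.service, 0) + (r.stop - r.start)
    return totals


# Constructed sample logs: the LPEP saw three sessions, the SMP saw two, one of them much longer.
LPEP_LOG = [
    AccountingRecord("s1", "voice", 1000, 1600),
    AccountingRecord("s2", "web", 2000, 2300),
    AccountingRecord("s3", "web", 3000, 3100),
]
SMP_LOG = [
    AccountingRecord("s1", "voice", 1002, 1601),   # within clock tolerance
    AccountingRecord("s2", "web", 2000, 2900),     # SMP recorded a much longer session
]

if __name__ == "__main__":
    agree, why = reconcile(LPEP_LOG, SMP_LOG)
    print("agreement" if agree else "disagreement", why)
    print(billable_seconds(LPEP_LOG))
```

A disagreement is returned together with the sessions that caused it, so that the SMP's reply in disagreement can point the LPEP at the exact records to re-examine rather than rejecting the whole log.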

With reference now to figure 4 of the drawings, the
structure and operation of an exemplary embodiment of the SMP 100 will
be described in more detail. As discussed above, the SMP 100 defines
policies with respect to authentication of subscribers, authorization to
access and services, accounting, mobility and security for the subscribers
that the SMP 100 serves. Thus, the SMP 100 contains an Encrypted Subscriber
Register (ESR) 400 carrying subscriber IP addresses or network address
identifiers (NAI), e.g. n.n@telia.mob, as well as encryption keys for each
individual subscriber and service that the SMP 100 serves. This, to provide
encryption, authentication and authorization to the services provided.
The SMP 100 also contains a Global Location Register (GLR) 410 indicating
which access networks the subscriber presently is residing (visiting) in.
To be able to provide voice services the SMP 100 also contains a voice
server 420 for providing e.g. voice over IP. The SMP 100 can be seen as
a server cluster providing both secure and non-secure services to the
subscriber; secure services like e-commerce 430, security alarms, health
care services, etc. and non-secure services like web browsing 440 and
catalogue/information services 450, for example. The SMP 100 also contains
a secure accounting server 460 for accounting and auditing of records.
The SMP 100 can also update the policies in the LPEP 110. For example if
the subscriber does not pay the invoices for a particular service, that
service can be barred.

With reference now to the exemplary signalling diagram
shown in figure 5 of the drawings, the initiation of a session will be
described in more detail. To initiate a session a subscriber 580 transmits
an authentication request 500 including subscriber identity and a
corresponding key, e.g. a personal identification number (PIN) or a
fingerprint, to gain access to the terminal and the rights of the LPEP 110.
When the subscriber 580 receives an authentication reply 505 indicating
that the subscriber 580 is authenticated to use the terminal, a service
request 510 is transmitted to the LPEP 110. The LPEP 110 decides on a
suitable access depending on the service requested by the subscriber
and transmits an access request 515 identifying the subscriber and
corresponding payment information 520, everything but the address to the
CV encrypted by the LPEP key, to the chosen access network 585. The access
network 585 reads the payment information and identifies the address to
the Credential Verifier (CV) 220, generates a transaction number and adds
the payment information, i.e. the user identity in an encrypted form and
credit verification in an encrypted form, e.g. a credit card number, and
transmits the message 525 to the CV 220. The CV 220 decrypts the message
and if the relationship between the user identity and the credit
verification is correct the CV transmits a message with the same
transaction number and verifies the subscriber's credentials 530. The
access network 585 transmits access OK 535 together with an IP-address
to the LPEP 110 and at the same time the access network 585 transmits a
message 540 to the SMP 100 indicating in what network the subscriber 580
is residing. The LPEP 110 then enacts 545 the requested service 510
in the SMP 100 and the subscriber 580 and the SMP conduct a session 550.
The LPEP 110 and the SMP 100 monitor 555 all transactions between the
LPEP 110 and the SMP 100 for accounting purposes. To end the session the
subscriber 580 transmits an end session message 560 to the LPEP 110, which
transmits an end session message 565 to the SMP 100. When the session has
ended the LPEP 110 sends accounting information 570 to the SMP 100 that
compares it with the accounting information generated in the SMP 100 and
sends a positive or negative accounting confirmation 575 back to the
LPEP 110.
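The following is an added illustration, not code from the patent, of the anonymous payment exchange of figure 2 and messages 515 to 545 of figure 5: the LPEP sends the CV address in clear with the identity and credit verification sealed under the subscriber's key; the access network reads only the address, assigns a transaction number and forwards the sealed part untouched; the CV unseals and checks the pair and echoes the transaction number; the access network hands out an IP-address, reports the subscriber's network to the SMP and the LPEP enacts the service. The class and message field names, the `key_id` the CV uses to look up the subscriber's key, the sealing construction (a SHA-256 pad plus HMAC tag, good for short credentials only) and all keys, identities and card numbers are constructed assumptions of this example.

```python
import hashlib
import hmac
import os


def seal(key: bytes, data: bytes) -> bytes:
    """Illustrative confidentiality + integrity for a short (<= 32 byte) credential."""
    assert len(data) <= 32
    nonce = os.urandom(16)
    pad = hashlib.sha256(key + nonce).digest()
    ct = bytes(d ^ p for d, p in zip(data, pad))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    pad = hashlib.sha256(key + nonce).digest()
    return bytes(c ^ p for c, p in zip(ct, pad))


class CredentialVerifier:
    """CV 220, e.g. a card issuer: one key and one credit verification per subscriber."""
    def __init__(self, address):
        self.address, self.register = address, {}    # key_id -> (key, identity, credit)

    def enrol(self, key_id, key, identity, credit):
        self.register[key_id] = (key, identity, credit)

    def verify(self, msg525):
        """Message 525 in, message 530 out; the transaction number is echoed back."""
        entry = self.register.get(msg525["key_id"])
        plain = unseal(entry[0], msg525["sealed"]) if entry else None
        ok = plain is not None and plain == entry[1] + b"|" + entry[2]
        return {"tx": msg525["tx"], "verified": ok}


class SecureMobilePortal:
    """SMP 100 with its Global Location Register 410 (ip -> access network)."""
    def __init__(self):
        self.glr = {}

    def location_update(self, msg540):
        self.glr[msg540["ip"]] = msg540["network"]

    def enact(self, msg545):
        if msg545["ip"] not in self.glr:
            return None
        return {"service": msg545["service"], "via": self.glr[msg545["ip"]]}


class AccessNetwork:
    """Access node 210 / access network 585, the point of sale for transport. It reads
    only the CV address and key reference; the sealed part is forwarded untouched."""
    def __init__(self, name, verifiers, smp, ip_pool):
        self.name, self.verifiers, self.smp = name, verifiers, smp
        self.ip_pool, self.next_tx = list(ip_pool), 1000

    def access_request(self, msg515):
        cv = self.verifiers.get(msg515["cv_address"])
        if cv is None:
            return {"access": False, "reason": "payment method not accepted"}
        tx, self.next_tx = self.next_tx, self.next_tx + 1
        msg530 = cv.verify({"tx": tx, "key_id": msg515["key_id"], "sealed": msg515["sealed"]})
        if msg530["tx"] != tx or not msg530["verified"]:
            return {"access": False, "reason": "credentials rejected"}
        ip = self.ip_pool.pop(0)
        self.smp.location_update({"ip": ip, "network": self.name})   # message 540
        return {"access": True, "ip": ip}                             # message 535


class LocalPolicyEnforcementPoint:
    """LPEP 110 holding one policy block: CV address, shared secret and credential."""
    def __init__(self, policy_block, smp):
        self.policy, self.smp = policy_block, smp

    def set_up_session(self, access_network, service):
        p = self.policy
        msg515 = {"cv_address": p["cv_address"], "key_id": p["key_id"],        # cleartext part
                  "sealed": seal(p["key"], p["identity"] + b"|" + p["credit"])}  # payment info 520
        msg535 = access_network.access_request(msg515)
        if not msg535["access"]:
            return None
        return self.smp.enact({"ip": msg535["ip"], "service": service})        # message 545


def run_scenario(credit_presented=b"4111000000001111"):
    """Constructed scenario: subscriber A buys W-LAN access with a card issued by 'issuer.example'."""
    key = b"shared-secret-between-A-and-issuer"
    cv = CredentialVerifier("issuer.example")
    cv.enrol("A-key-1", key, b"sub-A", b"4111000000001111")
    smp = SecureMobilePortal()
    wlan = AccessNetwork("W-LAN", {"issuer.example": cv}, smp, ["10.0.0.7"])
    lpep = LocalPolicyEnforcementPoint(
        {"cv_address": "issuer.example", "key_id": "A-key-1", "key": key,
         "identity": b"sub-A", "credit": credit_presented}, smp)
    return lpep.set_up_session(wlan, "web-browsing")


if __name__ == "__main__":
    print(run_scenario())                                       # session enacted via W-LAN
    print(run_scenario(credit_presented=b"0000000000000000"))   # None: credentials rejected
```

The access network never needs the subscriber's identity: it correlates the CV's answer purely by the transaction number it generated, and it tells the SMP only which network the newly assigned IP-address lives in.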

With reference now to figure 6, embodiments and
functions of the client or terminal will be described in more detail. The
terminal is basically separated into three parts, an access part, a control
part and a service part. The access part contains a number of access
options (modems) 600a-c. These access options can physically be located
in the terminal itself or in someone else's terminal, or be a Bluetooth™
interface connecting to remote modems e.g. in the subscriber's briefcase.
The service part contains a user interface and applicable application
programming interfaces (API's) for the services. The control part contains
a policy enforcement engine 610 and a policy repository 620.

The terminal also contains a layer 2 IP switch 630 and
a layer 3 IP router 640 between the modems 600a-c and the applications
interface 650. This gives the user 660 the possibility to have several
information flows between applications 670 and modems 600a-c active at
the same time. For example, a voice over IP data flow can be maintained
through a W-CDMA network, at the same time as a multimedia flow is
maintained through a W-LAN network, while the terminal at the same time
is receiving a best effort flow from another terminal, through a
Bluetooth™ modem. This possibility to route a plurality of data flows from
a plurality of modems 600a-c is possible because of the included layer 2
IP switch 630 and layer 3 IP routing 640. This embodiment also makes it
possible for the terminal to hand over a communication session from one
communications network to another, by re-routing the data flow from one
modem port to another.

The access discovery function 680 of the terminal is
continuously active, scanning the surroundings for access possibilities,
and generates a record of all available access possibilities. The access
selection function 690 is responsible for requesting access and presenting
credentials to the desired access network depending on the service
requested from the service layers and also for preparing to interconnect
with the chosen access network.

The policy enforcement engine 610 and the policy
repository 620 in the control part connect the modems 600a-c in the
access part with the user 660 and the API's in the service part. More
specifically the policy enforcement engine 610 in the control part has
the responsibility for a variety of tasks such as authenticating the user
660 to the terminal, authorising the user 660 to services and collecting
accounting data. These and other tasks will be further described in
relation to figure 8.

The policy repository 620 of the terminal can be seen
as a database containing the subscriber's relationships to access providers,
service providers as well as individual clients, i.e. the obligations,
rights, shared secrets and addresses to credential verifiers or SMP's.
These relationships can be varying and sometimes extremely complex. Also
these relationships may need to be updated at any time.

Some service providers may e.g. have a hierarchical
relation between different aspects of their service. For example a special
access network or a special gateway might need to be used or passed before
a particular service can be executed, and perhaps a trusted relationship
will have to be enacted for a particular session. Other service providers
might be non-hierarchical, which means that the different services are
open and enacted at the same level, e.g. in that any access network may
be used.

A subscriber may have a relationship to many different 
structures, hierarchical and flat. For example, subscriber A has a private 
subscription with provider X for voice and web browsing. Under the voice 
service, subscriber A communicates following a specific policy with 
subscriber B. Subscriber A also has a specific business relationship to 
subscriber C, such that all packets to subscriber C will be encrypted and 
directly transferred to subscriber C. In addition to his private 
subscription with provider X and his occupational relationship with 
subscriber C, subscriber A may also be a member of an exclusive business 
club that operates a club server. His club membership fee provides 
subscriber A encrypted voice and data traffic services to all other members 
of the business club. The bank at which subscriber A has an account, may 
also operate a server of their own, and may have deployed a policy in the 
terminal of subscriber A, such that he can always access his bank account,
even at midnight. Both the bank and the business club need to purchase
the service of some MSP, in order to know the whereabouts of subscriber 
A, that is unless the bank or business club operates an MSP themselves. 
All these relationships are reflected in the policy repository 620. 
Each relationship a user 660 or subscriber would like
to enter into is defined using a number of at least three or four
parameters. These are rights, obligations, shared secret, and address to
a credential verifier or SMP, thus creating a policy block. The policy
repository 620 contains several policy blocks defining the relationships
that exist between the user 660 and different service providers as well
as individuals.

The policy repository 620 can be accessed from outside
695 of the terminal providing the user has opened the policy repository
620 by e.g. a personal identification code, a fingerprint reading or other
means. Then a service provider can update their policy block and relevant
coupling coefficients. Once the service provider has entered its policies
into the policy repository 620 these can be updated at will by the service
provider providing such an agreement exists. If no such agreement exists
the subscriber must open the policy repository 620 every time before
changes can be made.

The policy enforcement engine 610 thus enforces policies
defined in policy repositories 620. This implies e.g. that rental cars,
hotel rooms etc. can be provided with policy enforcement engines 610
executing the policies in a user's or visitor's policy repository 620.
Both the policy enforcement engine 610 and the policy repository 620 are
preferably implemented as computer programs on a suitable media, e.g. smart
cards together with a suitable wireless access product such as Bluetooth™.
Other implementations are of course possible, e.g. integrated circuits,
a circuit board in the terminal or as a separate circuit board that can
be inserted into any appropriate terminal.
Figure 7 shows a so-called Policy Domain (PD) and
sub-domain. The policy domain contains multiple policy blocks 525 which contain
all the specific relationships existing between the user and service
providers, as well as individuals. Each policy domain may contain
sub-domains 635 defining a reserved domain space for a particular application.

A coupling matrix is defined between the policy blocks,
defining their hierarchical relationship. Relationships between policy
blocks xi, yj and policy blocks xk, yl are determined by a coupling
coefficient K ij,kl. If the coupling coefficient is 0, then there is
no relationship; if the coupling coefficient is +1, then block k,l is
dependent on block i,j, implying that block i,j has a higher position in
the hierarchy than block k,l and that block i,j must be enacted before
block k,l.

If the coupling coefficient is -1, then block k,l
supersedes block i,j, implying that block i,j has a lower position in the
hierarchy than block k,l.
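The following is an added illustration, not code from the patent, of a policy repository whose blocks carry the four parameters named above (rights, obligations, shared secret, address) and whose coupling coefficients K ij,kl in {-1, 0, +1} determine the order in which blocks must be enacted. Because K ij,kl = +1 and K kl,ij = -1 say the same thing, the matrix is kept antisymmetric, and a chain of +1 couplings that loops back on itself is reported as inconsistent rather than enacted. The block keys, field names and the sample relationships are constructed assumptions of this example.

```python
class PolicyRepository:
    """Policy repository 620: policy blocks indexed by (i, j) plus the coupling matrix."""

    def __init__(self):
        self.blocks = {}     # (i, j) -> policy block
        self.coupling = {}   # ((i, j), (k, l)) -> -1, 0 or +1; absent entries mean 0

    def add_block(self, key, rights, obligations, shared_secret, address):
        self.blocks[key] = {"rights": rights, "obligations": obligations,
                            "shared_secret": shared_secret, "address": address}

    def couple(self, a, b, k):
        """Set K[a, b]. +1: b depends on a (a enacted first); -1: b supersedes a; 0: unrelated.
        The mirror entry K[b, a] is kept consistent automatically."""
        if k not in (-1, 0, 1):
            raise ValueError("coupling coefficient must be -1, 0 or +1")
        self.coupling[(a, b)] = k
        self.coupling[(b, a)] = -k

    def depends_on(self, block):
        """Blocks that must be enacted before `block` (those a with K[a, block] = +1)."""
        return {a for (a, b), k in self.coupling.items() if b == block and k == 1}

    def enactment_order(self, target):
        """All blocks needed for `target`, in enactment order (depth-first, cycle-checked)."""
        order, visiting, done = [], set(), set()

        def visit(b):
            if b in done:
                return
            if b in visiting:
                raise ValueError(f"cyclic coupling involving block {b}")
            if b not in self.blocks:
                raise KeyError(f"unknown policy block {b}")
            visiting.add(b)
            for dep in sorted(self.depends_on(b)):
                visit(dep)
            visiting.discard(b)
            done.add(b)
            order.append(b)

        visit(target)
        return order


def build_sample_repository():
    """Constructed repository: provider X is hierarchical (access network, then gateway,
    then the voice service); the bank (2,1) is flat; block (3,2) supersedes block (3,1)."""
    repo = PolicyRepository()
    repo.add_block((1, 1), ["use access network X"], ["pay per MB"], b"secret-x-access", "cv.x.example")
    repo.add_block((1, 2), ["pass gateway X"], ["trusted session"], b"secret-x-gateway", "gw.x.example")
    repo.add_block((1, 3), ["voice"], ["monthly invoice"], b"secret-x-voice", "smp.x.example")
    repo.add_block((2, 1), ["bank account access"], ["none"], b"secret-bank", "smp.bank.example")
    repo.add_block((3, 1), ["club data"], ["membership fee"], b"secret-club-data", "club.example")
    repo.add_block((3, 2), ["club voice"], ["membership fee"], b"secret-club-voice", "club.example")
    repo.couple((1, 1), (1, 2), +1)   # gateway depends on the access network
    repo.couple((1, 2), (1, 3), +1)   # voice depends on the gateway
    repo.couple((3, 1), (3, 2), -1)   # (3,2) supersedes (3,1)
    return repo


if __name__ == "__main__":
    repo = build_sample_repository()
    print(repo.enactment_order((1, 3)))   # [(1, 1), (1, 2), (1, 3)]
    print(repo.enactment_order((2, 1)))   # [(2, 1)]
    print(repo.enactment_order((3, 1)))   # [(3, 2), (3, 1)]
```

A policy enforcement engine would call `enactment_order` for the block of the requested service and enact the returned blocks in sequence; a `ValueError` from a cyclic coupling means a service provider has entered coupling coefficients that contradict each other and the repository should refuse the update.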

With reference now to both figures 6 and 8, the tasks
of the control part of the terminal will be described in more detail
together with a mixed access scenario. Suppose that the access
possibilities consist of several different networks, such as W-CDMA 700,
EDGE 705, GPRS 710, CDMA-2000 715, W-LAN 720 or Fixed or Cable 725 and
that the transport network is an IP based core network 730. To gain access
to the functions of the terminal and the policy enforcement engine 610
and policy repository 620 the user 660 must be authenticated. Thus an
authentication request is transmitted to the policy enforcement engine
610 that checks the authentication with the relevant policy blocks in the
policy repository 620. When the user 660 is authenticated all the rights
and obligations associated with the user in the policy repository 620 are
open.

The access discovery function 680, which is continuously
active, has scanned all available access networks and found the above
mentioned access possibilities 700-725 and made a record of what is
available. The user 660 now e.g. wants to initiate a web-service and thus
via the applications interface 650 agrees on parameters, i.e. some Quality
of Service value for the session, e.g. the transmission rate. The
applications interface 650 thereafter asks the policy enforcement engine
610 to enact the requested web-service. The policy enforcement engine 610
then collects data from the policy repository 620 and the access selection
function 690 to set up a channel that complies with the agreed parameters
and the requested service and thereafter activates the connection.

If the user 660 does not have a subscription to the
requested network, the policy enforcement engine 610 presents credentials
to the appropriate access supplier. The credentials can e.g. be a credit
card accepted by the access supplier. The policy enforcement engine 610
then launches the requested web-service according to the policies in the
policy repository 620. The policy enforcement engine 610 tracks data
exchanged during the executed web-service according to policies for
accounting and verification purposes. Then the policy enforcement engine
610 disconnects the application 670 and assembles the accounting data.
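The following is an added illustration, not code from the patent, of the access selection step of the mixed access scenario above: the record produced by the access discovery function 680 is filtered by the modems the terminal can actually use (including one reachable through a Bluetooth™ bridge to a neighbouring terminal, as in the paragraph that follows) and by the agreed Quality of Service value, and the policy repository 620 decides whether the network can be used under an existing subscription or whether credentials such as a credit card must be presented. The ranking rule (subscription before real-time purchase, cheaper network first within each class), the record fields and all sample values are constructed assumptions of this example.

```python
# Constructed record from the access discovery function 680: what the terminal can hear.
DISCOVERED = [
    {"network": "W-CDMA", "rate_kbps": 384,  "fee_per_mb": 0.10, "accepts": {"subscription:X", "credit-card"}},
    {"network": "GPRS",   "rate_kbps": 56,   "fee_per_mb": 0.05, "accepts": {"subscription:X"}},
    {"network": "W-LAN",  "rate_kbps": 2000, "fee_per_mb": 0.02, "accepts": {"cash-card:Y", "credit-card"}},
    {"network": "Cable",  "rate_kbps": 8000, "fee_per_mb": 0.01, "accepts": {"subscription:Z"}},
]

# Access options 600a-c: modems in the terminal and ones reachable via a Bluetooth bridge.
MODEMS = {"W-CDMA": "local", "W-LAN": "local", "GPRS": "via Bluetooth neighbour"}

# The part of the policy repository 620 that matters for access: subscriptions held and
# credentials the policy enforcement engine may present to an access supplier.
REPOSITORY = {"subscriptions": {"subscription:X"}, "credentials": {"credit-card"}}


def select_access(discovered, modems, repository, min_rate_kbps):
    """Access selection 690 for a service that agreed on a minimum transmission rate.

    Returns {"network", "pay_with", "modem"} or None when nothing usable was found.
    Assumed ranking: a network the user subscribes to beats one that must be bought in
    real time; within a class the cheaper network wins."""
    ranked = []
    for n in discovered:
        if n["network"] not in modems or n["rate_kbps"] < min_rate_kbps:
            continue   # no modem for it, or the agreed QoS cannot be met
        if n["accepts"] & repository["subscriptions"]:
            ranked.append((0, n["fee_per_mb"], n["network"], "subscription"))
        elif n["accepts"] & repository["credentials"]:
            ranked.append((1, n["fee_per_mb"], n["network"], "present credentials"))
        # networks accepting neither are unusable for this subscriber and are skipped
    if not ranked:
        return None
    _, _, network, how = min(ranked)
    return {"network": network, "pay_with": how, "modem": modems[network]}


if __name__ == "__main__":
    print(select_access(DISCOVERED, MODEMS, REPOSITORY, 100))    # W-CDMA under subscription X
    print(select_access(DISCOVERED, MODEMS, REPOSITORY, 1000))   # W-LAN, credit card presented
    print(select_access(DISCOVERED, {"GPRS": "via Bluetooth neighbour"}, REPOSITORY, 50))
    print(select_access(DISCOVERED, MODEMS, REPOSITORY, 10000))  # None
```

The Cable network is never chosen although it is the fastest and cheapest: the terminal has no modem for it and the subscriber holds neither a subscription it honours nor a credential it accepts, which is exactly the situation in which the policy enforcement engine has nothing to present.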

Another possibility occurs if the terminal does not
have the appropriate modem 600a-c for the best access network. Imagine
for example that the GPRS network 710 is most suitable for the requested
web-service but the user terminal only has a W-CDMA interface. The solution
is the Bluetooth™ modem 740a-b attached to the terminal, which makes it
possible to use the modems 600a-c of a neighbouring terminal. The
Bluetooth™ modem 740a-b in the neighbouring terminal then acts as an
access point or bridge to access the GPRS modem of the other terminal.

The user or subscriber physically owns the PEP. The
content of the PEP can be the ownership of many parties. The subscriber
controls access to the PEP, and can delegate these rights to another party,
for example an operator or other service provider. The PD and its
sub-domains can be accessed from outside, providing the user initially opens
the PD (by a card opening PIN or by other means). The service provider
can enter its policy blocks, as well as the relevant coupling factors that
define the relationship between the policies of the service operator. Once
the service provider has entered its policies into the PEP, these can be
updated at will by the service provider, providing such an agreement
exists. If there is no such agreement, then the PD must be opened each
time by default, for example.

The LPEP can be realized physically in many different
ways. It can be on board in a mobile terminal, it can be part of a network
termination equipment in the residence, it can be a separate board which
can be inserted into any appropriate terminal when the user wishes to make
a call, or it can be a separate PEP board encapsulated together with a
suitable wireless access product (such as Bluetooth™). The PEP may
communicate with the client that the subscriber wishes to use for
communication according to the principles defined above.

The invention being thus described, it will be obvious 
that the same may be varied in many ways. Such variations are not to be 
regarded as a departure from the scope of the invention, and all such 
modifications as would be appreciated by a person skilled in art are 
intended to be included within the scope of the following claims. 



